STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide, Version 1, Release 1, Benchmark Date: 09 Jan 2021

The Infoblox system must send a notification in the event of an error when validating the binding of another DNS server’s identity to the DNS information.

DISA Rule

SV-233892r621666_rule

Vulnerability Number

V-233892

Group Title

SRG-APP-000350-DNS-000044

Rule Version

IDNS-8X-400034

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Navigate to Data Management >> DNS. Select "Grid DNS Properties".
2. Toggle Advanced Mode and review the "Logging" tab.
3. Enable the following categories using the check boxes:
client
config
database
dnssec
lame servers
network
notify
rate-limit
resolver
security
transfer-in
transfer-out
update
update-security
4. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
5. Perform a service restart if necessary.

Check Contents

Infoblox systems allow configuration of DNS auditing based on selectable events. Verify that important event categories are enabled to log events.

1. Navigate to Data Management >> DNS and select "Grid DNS Properties".
2. Toggle Advanced Mode and review the "Logging" tab.
3. Validate that at a minimum the following categories are enabled:
client
config
database
dnssec
lame servers
network
notify
rate-limit
resolver
security
transfer-in
transfer-out
update
update-security
4. When complete, click "Cancel" to exit the "Properties" screen.

If the named logging categories are not enabled, this is a finding.
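The fix and check procedures above are manual GUI steps that share one list of required logging categories. The following is an added example, not part of the STIG text or Infoblox's own software, of how that check can be automated once the Grid DNS logging settings have been exported as a dictionary of category name to enabled flag. The exported key names are an assumption: the example accepts either the GUI labels used above ("lame servers", "rate-limit") or WAPI-style names such as log_lame_servers, and the constructed sample export below is made up for illustration.

```python
"""Compliance check for the Infoblox Grid DNS logging categories required by
IDNS-8X-400034. Added example; not Infoblox code and not part of the STIG.

Assumption: the caller has already exported the Grid DNS logging settings as a
dict mapping a category name to a boolean (True = enabled). Keys may be the GUI
labels from the STIG text or WAPI-style names (log_<category>); both are
normalised before comparison. Any required category that is absent from the
export is treated as disabled, since the STIG requires it to be enabled.
"""

# The categories the rule requires, exactly as named in the STIG text.
REQUIRED_CATEGORIES = (
    "client", "config", "database", "dnssec", "lame servers", "network",
    "notify", "rate-limit", "resolver", "security", "transfer-in",
    "transfer-out", "update", "update-security",
)


def normalize(name):
    """Map a GUI label or WAPI-style key to one comparable form.

    "lame servers", "log_lame_servers" and "Lame-Servers" all become
    "lame servers"; "rate-limit" and "log_rate_limit" become "rate limit".
    """
    name = name.strip().lower()
    if name.startswith("log_"):
        name = name[len("log_"):]
    return name.replace("_", " ").replace("-", " ")


def missing_categories(exported):
    """Return the required categories (STIG spelling) that are not enabled."""
    enabled = {normalize(key): bool(value) for key, value in exported.items()}
    return [c for c in REQUIRED_CATEGORIES if not enabled.get(normalize(c), False)]


def evaluate(exported):
    """Apply the STIG decision: any missing required category is a finding."""
    missing = missing_categories(exported)
    return {"finding": bool(missing), "missing": missing}


# Constructed sample export in WAPI-style naming (not real device output).
# "log_lame_servers" is disabled and "log_rate_limit" is absent, so both are
# expected to be reported; "log_queries" is not required by this rule and is
# ignored.
SAMPLE_WAPI_EXPORT = {
    "log_client": True, "log_config": True, "log_database": True,
    "log_dnssec": True, "log_lame_servers": False, "log_network": True,
    "log_notify": True, "log_queries": False, "log_resolver": True,
    "log_security": True, "log_transfer_in": True, "log_transfer_out": True,
    "log_update": True, "log_update_security": True,
}

# Constructed compliant export using the GUI labels from the STIG text.
SAMPLE_COMPLIANT_EXPORT = {category: True for category in REQUIRED_CATEGORIES}


if __name__ == "__main__":
    for label, export in (("wapi-style", SAMPLE_WAPI_EXPORT),
                          ("gui-style", SAMPLE_COMPLIANT_EXPORT)):
        result = evaluate(export)
        status = "FINDING" if result["finding"] else "not a finding"
        print(f"{label}: {status}; missing = {result['missing']}")
```

The normalisation step is what keeps the check honest across sources: the STIG spells categories with spaces and hyphens while an API export will typically use underscores, and a naive string comparison would silently report every category as missing. Treating an absent key as disabled is deliberate, because the rule's condition is that each named category is enabled, not merely that it is not explicitly off.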

Documentable

False

Severity Override Guidance


Check Content Reference

M

Target Key

5251

Comments